package com.bishe.demo.config;


import com.bishe.demo.core.auth.MyUserDetailsService;
import com.bishe.demo.core.handler.MyAccessDeniedHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.cors.CorsUtils;

@Configuration
//@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyUserDetailsService udsi;

    @Autowired
    private MyAccessDeniedHandler myAccessDeniedHandler;

//    @Override
//    public void configure(WebSecurity web) throws Exception {      //修改权限校验时给role加的前缀
//        web.expressionHandler(new DefaultWebSecurityExpressionHandler(){
//            @Override
//            protected SecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, FilterInvocation fi) {
//                WebSecurityExpressionRoot root = (WebSecurityExpressionRoot) super.createSecurityExpressionRoot(authentication, fi);
//                root.setDefaultRolePrefix(""); //remove the prefix ROLE_
//                return root;
//            }
//        });
//    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

//        http.cors().and().csrf().disable().authorizeRequests()


        http.authorizeRequests()
                //                处理跨域请求中的Preflight请求
                .requestMatchers(CorsUtils::isPreFlightRequest).permitAll()
                .antMatchers("/css/**","/js/**").permitAll()
                .antMatchers("/api/logout").permitAll()
                .antMatchers("/api/account/aclock","/login").permitAll()
                .anyRequest().authenticated()
        ;

        http.exceptionHandling()
                .accessDeniedHandler(myAccessDeniedHandler);

        http.sessionManagement()
                .maximumSessions(1)
                .maxSessionsPreventsLogin(false)
                .expiredSessionStrategy(new CustomExpiredSessionStrategy());

        http.formLogin()
                .loginProcessingUrl("/login")
                .successForwardUrl("/manager/test")
                .failureForwardUrl("/api/toError")
//                .loginPage("/login") //默认的登陆页面
        ;

        http.logout()
                .logoutUrl("/api/logout")
                .logoutSuccessUrl("/api/out")
                .deleteCookies("JSESSIONID")
        ;

        http.csrf().disable();
    }


    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(udsi).passwordEncoder(new BCryptPasswordEncoder());
    }

}
